cesicat-cert
2/1/11

CESICAT-CERT
Carles Fragoso Mariscal
Incident Response Manager
[email protected]
32nd TF-CSIRT Meeting
1-02-2011 – CaixaForum - Barcelona

CESICAT Foundation: 16 patrons/sponsors
– Departament de Governació
– Secretaria de Telecomunicacions i Societat de la Informació
– Departament d’Interior
– Departament d’Innovació, Universitats i Empresa
– Centre de Telecomunicacions i Tecnologies de la Informació de la Generalitat de Catalunya
• Consorci Administració Oberta de Catalunya
• Consell de Cambres de Comerç de Catalunya
• Ajuntament de Reus
• Agència ACC1Ó
• e-la Caixa
• Universitat Rovira i Virgili
• Fundació Barcelona Digital

What does CESICAT give us?
Which is our… constituency?

Constituency
• Citizens
• SME and professionals
• Universities and R&D centers
• Public Administration

CESICAT Service Areas

Reaction / Prevention
• Alerts and warnings
• Remote vulnerability & incident response
• Security guides
• Onsite Incident Response
• Incident analysis
• Security checklists
• Remote vulnerability analysis
• Vulnerability databases

Promotion
• News
• Security Training
• Security Awareness campaigns

Development
• Security business development
• 3rd Party partnerships

Incident Response Team Services

Digital Investigation and Forensics Lab
• Information & log correlation
• Information gathering with OSINT
• Media Forensic Analysis
• Network forensics
• Malware and reverse-engineering analysis
• Vulnerability and exploits PoC testing
• IPS/FW rules and signature development

CESICAT-CERT 2010: incidents

CESICAT-CERT 2010: incidents by constituency

Preventive services: analysis reports

Threats and current trends: LEOs, ISPs, private-sector...
• Malvertising
• Cloud Computing IH
• Mobile malware
BDigital Global Congress

CESICAT-CERT on tour 2010!
• MAAWG Barcelona
• Blackhat Europe
• APWG CeCOS Sao Paulo
• FIRST Miami
• BDigital Global Congress
• Foro ABUSES
• Underground Economy INTERPOL/Team Cymru
• Foro ESNOG
• NoConName
• Digital Crimes Consortium
• Bdigital Apps

CESICAT-CERT: Accreditation, certification and partnership
• Community membership:
– CESICAT-CERT FIRST Member
– CESICAT-CERT Trusted Introducer accredited team
• Quality / Code of Ethics:
• Participations and agreements
– Spanish Cooperation of ABUSE Teams
– Microsoft Security Cooperation Program (SCP)
– CESICAT-CERT: AntiPhishing Working Group Research Partner
– CESICAT-CERT Trusted Introducer accredited team
– CESICAT-CERT: Authorized User of “CERT”

22 July: CESICAT signs a collaboration agreement with INTECO to promote joint actions in information security between the two entities.

“Safebrowsing”.CAT and Catalonian ASNs

Some remarkable cases
• OTRS vulnerabilities identified and reported
• Drive-by-download heavy infection over 500 websites hosting
• Application-layer SMTP DDoS containment
• Intrusion & data leakage over cloud computing infrastructure
• Malvertising over OpenX campaign server
• Man-in-the-Mobile malware on Blackberry devices

[email protected]
www.cesicat.cat/cert
@cesicat